Security researchers have uncovered an ongoing cyberattack campaign in which hackers are exploiting outdated versions of WordPress and its plug-ins to compromise thousands of websites.
The attackers aim to deceive visitors into downloading and installing malware, potentially exposing them to credential theft and data breaches.
The campaign, still active, was first identified by web security company c/side.
Simon Wijckmans, the company’s founder and CEO, confirmed to TechCrunch that the attack is widespread and highly commercialized.
Malware Targeting Windows and Mac Users
According to c/side, the compromised websites are among some of the most visited on the internet.
The attackers deploy a “spray and pray” strategy, indiscriminately targeting users rather than focusing on a specific group.
Once a hacked WordPress site is accessed, the page dynamically changes to display a fake Chrome browser update notification.
Visitors are urged to download an update to continue viewing the content.
However, this so-called update is, in reality, a malicious file designed to install malware on both Windows and Mac devices.
C/side researchers have reported the attack to Automattic, the company behind WordPress.com, providing a list of malicious domains involved.
While Automattic acknowledged receipt of the alert, they have yet to issue a public statement regarding the breach.
The security firm identified over 10,000 compromised websites by scanning for malicious scripts and performing reverse DNS lookups to uncover additional infected domains.
This attack highlights the risks of using outdated software, reinforcing the importance of regular updates and cybersecurity best practices to protect websites and users from emerging threats.